Social Icons

Pages

Thursday, October 30, 2014

Retailers' alternative to Apple Pay just had a security breach

The Merchant Customer Exchange (MCX), a consortium of more than 50 U.S. retailers working on an alternative to Apple Pay, announced Wednesday that its service, called CurrentC, has experienced a security breach.

"Within the last 36 hours, we learned that unauthorized third parties
obtained the e-mail addresses of some of our CurrentC pilot program
participants and individuals who had expressed interest in the app," a
representative for MCX said in a statement provided to Mashable. "The CurrentC app itself was not affected."

While payment details were apparently not impacted, the incident
nonetheless casts an unflattering light on CurrentC at a time when the
payment service is already receiving greater scrutiny.

CVS and Rite Aid backed away from Apple Pay in favor of CurrentC, which one report suggested may be the result of fines retailers could face for breaking their contracts with MCX. (MCX has since put out a blog post confirming the exclusivity aspect, but said "there are no fines.")

CurrentC was first announced in 2012, well before Apple unveiled its
payment option, but it won't hit the market until sometime next year. At
first blush, CurrentC is a clunkier alternative that requires customers
to scan QR codes in order to make in-store payments. The email breach
may also raise questions about whether it's as secure as Apple Pay.

Apple CEO Tim Cook said earlier this week that more than one million credit cards were activated in Apple Pay in the first 72 hours.